WordPress 2.1.1 – Command Execution Backdoor | CVE 2007-1277

Affects WordPress

2.1.1

Fixed in WordPress 2.1.2

References

CVE

CVE-2007-1277

URL

https://exchange.xforce.ibmcloud.com/vulnerabilities/32807

URL

https://wordpress.org/news/2007/03/upgrade-212/

Classification

Type

RCE

OWASP top 10

A1: Injection

CWE

CWE-94

Miscellaneous

Verified

No

WPVDB ID

5c4cf85b-97e8-4044-839b-b3656c337706

Timeline

Publicly Published

2014-08-01 (about 11 years ago)

Added

2014-08-01 (about 11 years ago)

Last Updated

2019-10-21 (about 6 years ago)

Other

Published

Title

Published

2025-01-30

Title

Borderless – Widgets, Elements, Templates and Toolkit for Elementor & Gutenberg < 1.6.1 - Authenticated (Administrator+) Remote Code Execution

Published

2025-02-24

Title

Ark Theme Core < 1.71.0 - Unauthenticated Remote Code Execution

Published

2024-06-05

Title

Album and Image Gallery plus Lightbox < 2.1 - Unauthenticated Arbitrary Shortcode Execution

Published

2024-05-23

Title

Email Log < 2.4.9 - Unauthenticated Hook Injection

Published

2020-04-27

Title

Simple File List < 4.2.3 - Unauthenticated Arbitrary File Upload RCE